﻿<?php
//Establish Session
/**
 * @author Invisible Man
 * @copyright 2013
 */
 //Checking Admin
 require('../includes/admin_auth.php');
//Callback all pages
require('../config.php');
//Connect Database
require('../includes/db_connect.php');
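 // Validate the requested member id before it is concatenated into SQL.
// The legacy mysql_* API used in this file has no prepared statements, so the
// id is accepted only as a plain run of decimal digits and then cast to int.
// Anything else (missing, array-valued, non-numeric) goes back to the list.
if (!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
    header("location: member_list.php");
    exit();
}
$id = (int) $_GET['id'];

// Load the member being edited.
$sql = 'SELECT * FROM member WHERE member_id=' . $id;
$query = mysql_query($sql, $db_con);

// mysql_query() returns false on failure; check that before counting rows so
// a failed query is handled the same way as an unknown id.
if ($query === false || mysql_num_rows($query) == 0) {
    header("location: member_list.php");
    exit();
}
$data_member_edit = mysql_fetch_assoc($query);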

// Page metadata, assigned before the theme header is included.
// NOTE(review): presumably read by theme/default/header.php — confirm there.
$menu_ex = array(
    'member_list.php' => 'Danh sách User',
);
$page_title = 'Sửa User';

// Emit the shared theme header; page output starts here.
require 'theme/default/header.php';
//Callback Content
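// Handle submission of the edit form.
// $level_current is the stored level of the member being edited; the form
// below also reads it to preselect the current level.
$level_current = $data_member_edit['member_level'];
if (isset($_POST['btnEdit'])) {
    // NOTE(review): no anti-CSRF token is verified in this block — confirm
    // whether admin_auth.php covers state-changing requests.

    // Permission check: lower level numbers are compared as more privileged
    // (the session level must not be greater than the target's level).
    if ($id == 1 && $_SESSION['id'] != 1 && $_SESSION['level'] > $level_current) {
        echo '<p class="error_msg">Bạn không được phép sửa User này</p>';
    } elseif ($id != 1 && $_SESSION['level'] > $level_current) {
        echo '<p class="error_msg">Bạn không được phép sửa User này</p>';
    } else {
        // Provides user_filter() and user_check().
        require('../includes/user_check.php');

        // Read each field as a string; missing or array-valued fields become ''
        // so they cannot reach the comparisons or the SQL below in another type.
        $post_user = (isset($_POST['txtUser']) && is_string($_POST['txtUser'])) ? $_POST['txtUser'] : '';
        $post_pass = (isset($_POST['txtPass']) && is_string($_POST['txtPass'])) ? $_POST['txtPass'] : '';
        $post_repass = (isset($_POST['txtRePass']) && is_string($_POST['txtRePass'])) ? $_POST['txtRePass'] : '';
        $post_level = (isset($_POST['sltLevel']) && is_string($_POST['sltLevel'])) ? $_POST['sltLevel'] : '';

        if (empty($post_user)) {
            echo '<p class="error_msg">Bạn chưa nhập tên User</p>';
        } elseif (user_filter($post_user) == false) {
            echo'<p class="error_msg">Tên User có kí tự không hợp lệ, chỉ được phép xài các kí tự trong Alphabets và Numerics</p>';
        } elseif ($post_pass !== $post_repass) {
            // Strict comparison: with != two different numeric-looking strings
            // (e.g. "1e3" and "1000") compare equal and the mismatch is missed.
            echo '<p class="error_msg">Password không trùng nhau</p>';
        } elseif (!in_array($post_level, array('1', '2', '3'), true)) {
            // The level is written into the UPDATE unquoted, so only the three
            // values the form offers are accepted.
            // NOTE(review): nothing here stops an editor from granting a level
            // more privileged than their own — confirm whether admin_auth.php
            // restricts this page to level 1.
            echo '<p class="error_msg">Quyền hạn không hợp lệ</p>';
        } else {
            // Build the UPDATE. Every value that reaches the SQL string is either
            // cast to int or escaped for the current connection.
            $user = mysql_real_escape_string(mb_strtolower($post_user), $db_con);
            $level = (int) $post_level;
            $target_id = (int) $id;
            $sql_add = null;

            if ($post_pass === '') {
                // Empty password field: keep the stored password.
                $sql_add = 'UPDATE member SET member_user="' . $user . '", member_level=' . $level . ' WHERE member_id=' . $target_id;
            } elseif (user_check($post_user, $post_pass, $user_length_name, $user_length_pass) == true) {
                // NOTE(review): unsalted MD5 is not a suitable password hash. It is
                // kept because the stored format must match whatever the login code
                // verifies (not visible in this file); moving to password_hash() /
                // password_verify() has to be done together with that code.
                $sql_add = 'UPDATE member SET member_user="' . $user . '", member_pass="' . md5($post_pass) . '", member_level=' . $level . ' WHERE member_id=' . $target_id;
            } else {
                echo '<p class="error_msg">User/Password ngắn hơn 5 kí tự</p>';
            }

            // Run the query and redirect only when a statement was built; the
            // length-check failure above must stay on the page with its message
            // instead of executing an undefined query and redirecting.
            if ($sql_add !== null) {
                mysql_query($sql_add, $db_con);
                // The theme header has already produced output, so the redirect
                // is done client-side rather than with header().
                echo '
                    <script type="text/javascript">
                        window.location = "member_list.php";
                    </script> ';
                exit();
            }
        }
    }
}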
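// Render the edit form.
// Every dynamic value is encoded for the context it lands in:
//  - $_SERVER['PHP_SELF'] can carry client-supplied path info, so it is
//    HTML-escaped before going into the action attribute;
//  - the id is URL-encoded for the query string;
//  - the stored username is HTML-escaped for the value attribute.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?id=' . rawurlencode((string) $id);
$member_user_html = htmlspecialchars($data_member_edit['member_user'], ENT_QUOTES, 'UTF-8');

// Build the level <option> list from one table so each option is well-formed
// and exactly one (the member's current level) is marked selected.
$level_labels = array(1 => 'Administrator', 2 => 'Moderator', 3 => 'Member');
$level_options = '';
foreach ($level_labels as $level_value => $level_label) {
    $selected_attr = ((int) $level_current === $level_value) ? ' selected="selected"' : '';
    $level_options .= '
                                        <option value="' . $level_value . '"' . $selected_attr . '>' . $level_label . '</option>';
}

echo '<form action="' . $form_action . '" method="post" style="width: 650px; margin: 30px auto;">
    <fieldset>
        <legend>Sửa User</legend>
        <table>
            <tr>
                <td></td>
                <td>
                    <span class="form_label">Username:</span>
                    <span class="form_item"><input type="text" name="txtUser" class="textbox" value="' . $member_user_html . '" maxlength="100" /></span><br />
                    <span class="form_label">Password:</span>
                    <span class="form_item"><input type="password" name="txtPass" class="textbox" maxlength="100" /></span><br />
                    <span class="form_label">Nhập lại Password:</span>
                    <span class="form_item"><input type="password" name="txtRePass" class="textbox" maxlength="100"/></span><br />
                    <span class="form_label">Quyền hạn:</span>
                    <span class="form_item">
                        <select name="sltLevel">' . $level_options . '
                        </select></span><br /><span class="form_label"></span>
                    <span class="form_item"><input type="submit" name="btnEdit" value="Sửa User" class="button"/></span><br />
                </td>
            </tr>
        </table>
    </fieldset>
</form>';

// Emit the shared theme footer.
require('theme/default/footer.php');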
?>

